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Detailed Action 
Remarks 

1 . A request for continued examination under 37 CFR 1.114, including the fee set 
forth in 37 CFR 1 .17(e), was filed in this application after final rejection. Since 
this application is eligible for continued examination under 37 CFR 1.114, and the 
fee set forth in 37 CFR 1 .17(e) has been timely paid, the finality of the previous 
Office action has been withdrawn pursuant to 37 CFR 1 .1 14. Applicant's 
submission filed on 05/15/2009 has been entered. 

2. This office action is in response to the amendment filed on 05/15/2009. 

3. Claim 2 has been cancelled. 

4. Claims 1 , 1 1 , 20 and 32 have been amended 

5. Claims 1, 3-6, 8-16, 18-20 and 22-35 remain pending and have been examined. 

Response to Arguments 

6. Applicant's arguments filed on 05/15/2009, in particular on pages 8-12, have 
been fully considered but they are not persuasive. For example: 

■ At page 9, last paragraph, the Applicants submit that the system of Jerger 
requires voluntary input from the user in order to run a build process at a 
specific level of trust. However, Examiner's position is that the user input of 
Jerger is the same step as the limitation regarding to "a developer associates" 
as recited in claim 1 . 
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■ At page 1 0, second paragraph, the Applicants submit that Jerger does not 
disclose levels of trust associated with build entities. However, Examiner 
respectfully disagrees. As Jerger disclosed in Fig. 10, it clearly indicates that 
the user (developer) specifies/associates signed code package (1010), 
permission set (1040), digital signature (1045) (levels of trust) with the code 
package (1020) (entity) (see for example, Fig. 10, items 1010, 1040, 1045, 
1060 and related text; Fig .11, step 1112, "Specify permissions required to run 
class in requested permission set"; step 1114, "externally attach the 
requested permission set to the class"; step 1116, "Digitally sign the class" 
and related text). Therefore, during the build process (execution), all the 
entities with the levels of trust (code package) will be checked to determine 
the levels of trust (see for example, Fig.13A, steps 1312, 1322, 1327, 1330 
and related text). 

■ At page 1 0, last paragraph, the Applicants point out that the amended claims 
further recite the levels of trust include (i) allowing any operation to be 
perform (ii) allowing only a minimal set of operations to be performed and (iii) 
aborting the build process. However, Examiner's position is that Jerger still 
teaches such limitations as recited. As Jerger disclosed at Fig.13A-C, (i)if the 
class is digitally signed, permission set is attached and requested permission 
set is a subset of the granted permission set, any granted permissions with 
the class will be stored(steps 1 31 2->1 320->1 336-1 31 8) and thus allowing any 
operation to be performed; (ii)lf the class digitally is not signed (steps 1312- 
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>1 31 4->1 31 6), a default set of permissions for unsigned class from system 
registry are granted, wherein the default permissions is only a minimal set of 
operation/permissions as showed in Fig.12C (see for example, Fig.12C, items 
1230i, 1232i "RegistryPermission" and related text); (iii) If the signature 
verification is not passed (steps 1322->1324 "Fail"), the process fails (abort). 
Therefore, Cynerman and Jerger together still teach all the limitations as 
recited in the independent claims. 



Claim Rejections - 35 USC § 103 

7. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

8. Claims 1, 3-6, 8-16, 18-20 and 22-35 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Cynerman (Michael Cynerman, Automate your build 
process using Java and Ant) in view of Jerger (US 6,321,334). 

Claim 1: 

Cynerman discloses a system that facilitates management of a build process, 
comprising: 

■ a build process that processes one or more build entities (see for example, 
p.1, section Introducing the powerful XML-based scripting tool, Ant. "A 
defined build process" and related description); and 
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■ a policy component that is processed by the build process within which the 
build process operates (see for example, p. 3, example of simple.xml file 
includes build policy/rules for build process) 
Cvnerman also discloses using "include/exclude" and "unless" entities to match 
the pattern in the name attribute from the compilation (see for example, p. 6, first 
and second paragraphs). But Cvnerman does not explicitly disclose determining 
one or more levels of trust within which the build process operates. 
However, Jerqer in the same analogous art of computer-based system discloses 
a method of configuration of a system security policy that is stored on a host 
computer, (see for example, Figure 8, items 812 Unsigned Permissions, 814 
Trusted Signed Permissions, 816 Untrusted Signed Permissions and related 
text), wherein the one or more build entities are each associated with one or 
more levels of trust, such that at build time, a principal permission level under 
which the build process executes is determined by analyzing the levels of trust 
associated with each of the build entities, and lowest level of trust of all involved 
build entities dictates the principal permission level for execution of the build 
process (see for example, Fig.13A-C, step 1312, "Is class digitally signed?", step 
1324 "Fail", step 1334, "Compare Requested permission set to granted 
permission set", step 1338, 1318 "Grant requested Permissions", "Store any 
Granted Permissions with the Class"). Therefore, it would have been obvious to 
one having ordinary skill in the art at the time the invention was made to define 
those different levels of trust for the build entities and use Cvnerman 's "unless" 
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entities to match the pattern in the name attribute about the levels of trust from 
the compilation. One would have been motivated to do so to secure the build 
process by automatically administering the decision to grant or deny permissions 
to specific build entities as suggested by Jerqer (see for example, col. 2, lines 27- 
51). 

Jerqer further discloses the levels of trust include levels that are representative of 
trusted, which has no restrictions to the build process (see for example, Fig.13A- 
C, steps 1 31 2->1 320->1 336-1 31 8 and related text), semi-trusted, which has 
restrictions to the build process (see for example, Fig.13A-C, steps 1 31 2->1 314- 
>1316 and related text; also see Fig.12C, item 1230i and 1232i and related text), 
and untrusted, which causes the build process to fail, (see for example, Figure 
13A-C, steps 1322->1324, "Fail" and related text). 

Cvnerman also discloses a BuildListener interface which can listen, catch and 
notify when certain steps in the build process (see for example, p. 7, section 
Reporting enhancement, "If you wanted to extend Ant's functionality to provide 
notification when certain steps in the build process are completed or are in 
progress..."; "BuildListener" and related text). Therefore, it would have been 
obvious to one having ordinary skill in the art at the time the invention was made 
to notify developer any events including the event wherein if the lowest level of 
trust is untrusted and the build process fails as suggested by Cvnerman 



Claim 3: 
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Cynerman and Jerger disclose the system of claim 1 , Cynerman further discloses 
the policy component includes one or more policy files that are processed by the 
build process (see for example, p.3, example of simple.xml file includes build 
policy/rules for build process). 

Claim 4: 

Cynerman and Jerger disclose the system of claim 1 , Cynerman further discloses 
the policy component includes one or more policy files that are processed by the 
build process before the one or more build entities are built (see for example, p.3, 
example of simple.xml file includes build policy/rules for build process). 

Claim 5: 

Cynerman and Jerger disclose the system of claim 1 , Cynerman further discloses 
the one or more entities include at least one of a project, a task, a logger, and 
operating system (OS) account information (see for example, p.3, example of 
simple.xml file includes project; also see example command line, p. 7, XmlLogger 
for writing a reporting tool). 

Claim 6: 

Cynerman and Jerger disclose the system of claim 1 , Jerger further discloses at 
least one of the one or more build entities are each associated with the one or 
more of the levels of trust, which associations are defined in the policy 
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component via at least one of a user-definable policy file and a default policy file, 
at least one or both of which are processed to determine the level of trust for the 
build process (see for example, Figure 4A, set the security level for this zone, 
items 408-412 and related text; also see col. 18, lines 51-63, "each security zone 
has a default security level, which is used if not changed by a user"). 

Claim 8: 

Cvnerman and Jerqer disclose the system of claim 1 , Cvnerman also discloses a 
computer that employs the system of claim 1 (see for example, p. 3, lines 3-4, NT 
machine). 

Claim 9: 

Cvnerman and Jerger disclose the system of claim 1 , Cvnerman also discloses a 
server that employs the system of claim 1 (see for example, p. 3, line 3, server's 
operating system). 

Claim 10: 

Cvnerman and Jerqer disclose the system of claim 1 , Cvnerman also discloses 
the system of claim 1 , the entity is received at least by one of downloading from a 
website, as part of an e-mail, and a version control system (see for example, p. 2, 
line 1, CVS- Handles package/modules retrieved from a CVS repository). 
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Claim 11-15: 

Claims 11-15 are another system version of claims 1 -6 and 8-1 0 addressed 
above, wherein all claimed limitation functions have been addressed and/or set 
forth above. Thus, they also would have been obvious. 

Claim 16: 

Cvnerman and Jerqer disclose the system of claim 1 1 , Jerqer further discloses 
an option for setting custom permission level (see for example, Figure 8, item 
816 and 824, "Refuse untrusted permission without asking" and related text). 
Therefore, it would have been obvious that the build process would exclude and 
not build those entities when the permission level is representative of untrusted. 

Claim 18: 

Cvnerman and Jerqer disclose the system of claim 1 1 , Cvnerman further 
discloses the one or more policy files are written in XML (see for example, p. 3, 
example of simple.xml file includes build policy/rules for build process) 

Claim 19: 

Cvnerman and Jerqer disclose the system of claim 1 1 , Cvnerman further 
discloses the one or more policy files are adjusted automatically according to one 
or more parameters (see for example, p.3, bottom line - p.4, line 7 the example 
of Ant command line parameter, e.g. "init" and related text). 
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Claim 20: 

Claim 20 is computer program product version of the claimed method, wherein all 
claimed limitation functions have been addressed in claims 1-6 and 8-10 above 
respectively. It is well known in the computer art that such method steps can be 
implemented as computer program and can be practiced and /or stored on a 
computer operable media. Thus, they also would have been obvious in view of 
reference teachings above. 

Claim 22: 

Cvnerman and Jerqer disclose the system of claim 20, Cvnerman further 
discloses the method of claim 20, further comprising sending a message when 
the build process fails (see for example, p. 7, section "Reporting enhancements", 
BuildEvent, "public Throwable getExceptionQ" and related text). 

Claim 23: 

Cvnerman and Jerqer disclose the system of claim 20, Jerqer further discloses, 
providing a level of trust that allows any operation to be performed during the act 
of performing (see for example, Figure 8, item 816, "Untrusted Signed 
Permissions", item 826, "Apply to all permissions not specifically allowed" and 
related text) 
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Claim 24: 

Cynerman and Jerger disclose the system of claim 20, Jerger further discloses 
providing a level of trust that allows only a minimal set of operations to be 
performed during the act of performing (see for example, Figure 8, item 816 and 
824, "Refuse untrusted permission without asking" and related text. Therefore, 
only trusted permission allows.). 

Claim 25; 

Cynerman and Jerger disclose the system of claim 20, Jerger further discloses 
providing a level of trust that aborts the build process during the act of performing 
(see for example, Figure 4A, "Set the security level for the zone", item 408 "High, 
exclude content that could damage your computer").. 

Claim 26: 

Cynerman and Jerger disclose the system of claim 20, Jerger further discloses, 
the act of associating associates one of the one or more build entities with at 
least two levels of trust (see for example, Figure 9A, 9C and related text; For 
setting different Read Access type and Connect Access type). 



Claim 27: 
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Cynerman and Jerger disclose the system of claim 20, Jerger further discloses 
providing a default set of associations between the one or more build entities and 
one or more levels of trust in the form of a file (see for example, Figure 8, "Edit 
Custom Permissions", "Save" button can be used to save configuration to file) 

Claim 28: 

Cynerman and Jerger disclose the system of claim 20, Jerger further discloses, 
the level of trust is defined according to at least one of user-defined policy data 
and default policy data (see for example, Figure 4A, default: High, Medium and 
Low; User defined: Custom). 

Claim 29: 

Cynerman and Jerger disclose the system of claim 20, Jerger further discloses, 
the user-defined policy data overrides the default data where a conflict occurs 
(see for example, col. 18, lines 51-63, "each security zone has a default security 
level, which is used if not changed by a user"). 

Claim 30: 

Cynerman and Jerger disclose the system of claim 20, Cynerman further 
discloses, storing the association of the build entity with the level of trust in the 
form of a file to which access is restricted (see for example, p. 3, example of 
simple.xml file includes build policy/rules for build process; also see p. 6, first and 
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second paragraphs, "include/exclude" and related text). 
Claim 31: 

Cvnerman and Jerqer disclose the system of claim 20, Cvnerman further 
discloses, storing the association of the build entity with the level of trust in the 
form of a file that further relates the use of system resources with the level of 
trust (see for example, p. 6, third paragraph about setting "available" property for 
using class "com.ibm.bsf.BSFManager"). 

Claim 32-35: 

Claims 32-35 are another system version of claims 1-6 and 8-10 addressed 
above, wherein all claimed limitation functions have been addressed and/or set 
forth above. Thus, they also would have been obvious. 

Conclusion 

9. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

1 0. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Zheng Wei whose telephone number is (571) 
270-1 059 and Fax number is (571 ) 270-2059. The examiner can normally be 
reached on Monday-Thursday 8:00-15:00. 
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If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Tuan Q. Dam can be reached on (571) 272-3695. The 
fax phone number for the organization where this application or proceeding is 
assigned is 571-273-8300. 

Any inquiry of a general nature of relating to the status of this application 
or proceeding should be directed to the TC 2100 Group receptionist whose 
telephone number is 571- 272-1000. 

Information regarding the status of an application may be obtained from 
the Patent Application Information Retrieval (PAIR) system. Status information 
for published applications may be obtained from either Private PAIR or Public 
PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see http://pair- 
direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll- 
free). If you would like assistance from a USPTO Customer Service 
Representative or access to the automated information system, call 800-786- 
9199 (IN USA OR CANADA) or 571-272-1000. 



/Z. W./ 

Examiner, Art Unit 2192 



/Tuan Q. Dam/ 

Supervisory Patent Examiner, Art Unit 2192 



